Author: fdmanana
Date: Thu Apr 21 10:48:09 2011
New Revision: 1095649
URL: http://svn.apache.org/viewvc?rev=1095649&view=rev
Log:
By default, allow only admins to trigger delegated replications
Modified:
couchdb/trunk/src/couchdb/couch_js_functions.hrl
Modified: couchdb/trunk/src/couchdb/couch_js_functions.hrl
URL:
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_js_functions.hrl?rev=1095649&r1=1095648&r2=1095649&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_js_functions.hrl (original)
+++ couchdb/trunk/src/couchdb/couch_js_functions.hrl Thu Apr 21 10:48:09 2011
@@ -147,6 +147,8 @@
}
var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0);
+ var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);
+
if (oldDoc && !newDoc._deleted && !isReplicator) {
reportError('Only the replicator can edit replication documents.');
}
@@ -187,6 +189,12 @@
}
if (newDoc.user_ctx) {
+ if (!isAdmin) {
+ reportError('Delegated replications (use of the ' +
+ '`user_ctx\\' property) can only be triggered by ' +
+ 'administrators.');
+ }
+
var user_ctx = newDoc.user_ctx;
if ((typeof user_ctx !== 'object') || (user_ctx === null)) {
